WP REST API Stage Two: Content API

Description

This will be used as the master tracking ticket for Stage Two of the WP REST API feature plugin, which has been proposed for merge in the 4.7 release.

Stage Two Content API: For WordPress 4.7 the API team proposes to merge API endpoints for WordPress content types. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:

Content:

Posts: Read and write access to all post data, for all types of post-based data, including pages and media.

Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.

Terms: Read and write access to all term data.

Users: Read and write access to all user data. This includes public access to some data for post authors.

Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.

Management:

Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.

This merge proposal represents a complete and functional Content API, providing the necessary endpoints for mobile apps and frontends, and lays the groundwork for future releases focused on providing a Management API interface for full site administration.

Content API endpoints support both public and authenticated access. Authenticated access allows both read and write access to anything your user has access to, including post meta and settings. Public access is available for any already-public data, such as posts, terms, and limited user data for published post authors. To avoid potential privacy issues we’ve taken pains to ensure that everything we’re exposing is already public, and the API uses WordPress’ capability system extensively to ensure that all data is properly secured.

Just like the rest of WordPress, the Content API is fully extensible, supporting custom post meta, as well as allowing more complex data to be added via register_rest_field. The API is built around standard parts of WordPress, including the capability system and filters, so extending the API in plugins should feel as familiar to developers as extending any other part of WordPress.

This Content API is targeted at a few primary use cases, including enhancing themes with interactivity, creating powerful plugin interfaces, building mobile and desktop applications, and providing alternative authoring experiences. We’ve been working on first-party examples of these, including a mobile app using React Native and a liveblogging web app, as well as getting feedback from others, including WIRED, the New York Times, and The Times of London. Based on experience building on the API, we’ve polished the endpoints and expanded to support settings endpoints, which are included as the first part of the Management API.

REST API endpoints for your WordPress content. These endpoints provide machine-readable external access to your WordPress site with a clear, standards-driven interface, allowing new and innovative apps for interacting with your site. These endpoints support all of the following:

Posts: Read and write access to all post data, for all types of post-based data, including pages and media.

Comments: Read and write access to all comment data. This includes pingbacks and trackbacks.

Terms: Read and write access to all term data.

Users: Read and write access to all user data. This includes public access to some data for post authors.

Meta: Read and write access to metadata for posts, comments, terms, and users, on an opt-in basis from plugins.

Settings: Read and write access to settings, on an opt-in basis from plugins and core. This enables API management of key site content values that are technically stored in options, such as site title and byline.